GUADEC 2010 – The Hague

I’ve been to GUADEC *yay*! I am going to summarize some of the talks I’ve attended and some of the many seriously interesting conversations I’ve during this week. But in short: This was one of the best GUADECs, progress wise. I met many people, brought my teams (bugsquad and membership-committee) forward, had new inspirations and fixed some bugs

But the week started with some work. Apparently, the network was not fully set up yet and we had to use a lot of duct tape to set everything up. After people saw me being “in charge” for the network, they started to complain why the network was not running properly The problem was, that the Uplink was kind of broken. Basically a big firewall blocked that many connections because it thought it was under attack. The solution then was to claim some of the universities IP addresses and do a big SNAT for the users.

Having said that, the network was up and running perfectly on Wednesday, making it a perfectly networked GUADEC The last GUADECs usually had some troubles with the connection even after the event started (remember the broken uplink on Gran Canaria or the rather bad wireless situation in Birmingham?).

The Hotel’s wireless was ridiculously expensive. They wanted 10 quid for 24 hours. But I realized, that the default gateway is announced as being at 192.168.1.1 and if you visited that with a web browser, you’d find out that it was a Zyxel VSG-1200. Turns out, documentation is very verbose, including a default username and password… The rest is left as an exercise for the reader. If you didn’t want to go that route, you could easily claim an active MAC-Address and IP and reuse the authentification…

I haven’t seen covered that Xan and Fernando mocked about the newly promulgated Speaker Guidelines which they didn’t respect either. It’s an interesting discussion though. It is obviously a shield for attacks from the outside so that we (as GNOME) can point to these guidelines if one of our speakers might have offended anyone. But do we, as GNOME, need such a thing in first place? And what happens if we refer to those guidelines over and over again but nobody complies with those? Probably nothing. But do we need to lie to ourselves then? Can’t we expect the people to have enough common sense? Do we want to be a community where we can’t assume enough common sense?

An issue that I didn’t really understand was that the usual picking on Canonical took place. Apparently, people expected Canoncial to contribute more since 1999 than they actually did. But they have been founded 2004… That comment summarizes that fact well. Also, I don’t really get why people expect a distributor to engineer stuff in, say, GNOME. I don’t hear anybody complaining about, say, Mandriva or Gentoo.

Bred Kuhn told us to save human lives by rolling out more crypto within GNOME. I couldn’t agree more. But sadly, we have a long way to go. For now, you can’t even handle your OpenPGP key in a sane way, i.e. rolling over to a new key. It strikes me that we still don’t have a concept encrypted end to end communication, i.e. with Telepathy (well, email is too broken to be tackled). Apparently XTLS should be used. But no PKI will be used, thus discouraging the enhancement of the OpenPGP Web of Trust. It would be absolutely brilliant if Telepathy used OpenPGP keys (maybe even create one if none existed). If then spoken with another entity via Telepathy, it could ask the user to verify the other persons identity via, say, a Videochat. That chat would use the public key material for encryption. The assumption is that the two parties know each other and that a man-in-the-middle cannot spoof valid data quick enough. The other persons key would then more or less automatically be signed. I talked a lot to Stef Walter and other people around GNOME-Keyring and Seahorse and we had good ideas. Let’s see how much we can get done.
But we’ll have a long way to go, since GNOME doesn’t even provide fundamental encryption for it’s webservices, i.e. live.gnome.org or even the RequestTracker

As for the teams I feel responsible for, I met with a few Bugsquad folks and we’ve discussed a few things. I am still in Post-GUADEC mode to get everything off my Todo-List that accumulated over GUADEC. The most immediate action is to get close bugs of deprecated modules and get rid of the products in Bugzilla. Other lower priority issues are to (finally!) organise a bugday and test a JetPack which helps dealing with Bugzilla…

I also had a few discussion related to the GNOME Foundation Membership process. We somehow have to think about the people that feel intimidated joining the GNOME Foundation. Also we will discuss our strategy and policy of evaluating non trivial contributions to GNOME.

Having said all that. I want to that the GNOME Foundation for paying my accommodation and making such a productive week possible.